updatetask.exe

This file is part of various InstallCore adware bundles. It is designed to run daily and maintain the current state of the installed product(s) offered (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 5 anti-malware scanners. It runs as a scheduled task named UpdaterEX under the Windows Task Scheduler, triggered daily at a specified time. Additionally, the file is typically installed by a number of programs, including UpdaterEX by installCore and Extended Update by installCore, both potentially unwanted software.
MD5:
8a843bf2d68aded1b6f4b87541112d2f

SHA-1:
dbe94caaf499f3ce049c83882bdd1e27c1fbb8de

SHA-256:
4732234415e855405a878a8422b7974012c4eaa6bfa89580b630bd7445beab86

Scanner detections:
5 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
4/18/2024 7:12:29 AM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.Win32.DealPly | 4.0.3.14214
Boost by Reason | Optional.Task.K | 188432
ESET NOD32 | Win32/DealPly (variant) | 8.9416
Panda Antivirus | Adware/DealsOnline | 14.03.03.04
Reason Heuristics | PUP.UpdateProc.Task.K | 14.3.3.16

File size:
107.5 KB (110,080 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\updaterex\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:xzPDTMOPo6kD2ytmWaNNXN2GNgo6nLBLGGRB1tD:xHT1Po6QXMLNYVHt

Entry address:
0x15A40

Code size:
83 KB (84,992 bytes)

Scheduled Task
Task name:
UpdaterEX

Trigger:
Daily (Runs daily at 23:22)

Action:
updatetask.exe \check


The file updatetask.exe has been discovered within the following programs.

Extended Update  by Hoolapp
Extended Update is a potentially unwanted application that is triggered to run daily by bypassing Windows User Account Control (UAC).
79% remove it
UpdaterEX  by installCore
This is a potentially unwanted background updater that is installed with a download manager and connects to info.updaterex.com for additional downloads and updates. The software is typically part of a software download bundle from the Install Core mechanism.
www.installcore.com
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (205.251.242.248:80)

TCP (HTTP SSL):
Connects to ec2-54-243-113-33.compute-1.amazonaws.com  (54.243.113.33:443)

TCP (HTTP SSL):
Connects to ec2-50-16-232-160.compute-1.amazonaws.com  (50.16.232.160:443)
